Android Malware Hits One Million Users

Bogus Android apps have helped hackers seize control of more than a million Google accounts in the past few months according to a security company. The apps have also been posting fake online reviews in the names of victims.

The attack involves malware that's been dubbed "Gooligan." It's particularly concerning because of the sheer amount of personal data a hacker could theoretically access if they can use somebody's Google accounts, such as their email messages and any files stored on Google Docs and Drive.

The malware affects devices running versions 4 and 5 of the Android operating system, known also as Jelly Bean, KitKat or Lollipop (with Marshmallow [6] and Nougat [7] being the latest versions). Although versions 4 and 5 are older editions of the Android operating system, they are still popular on cheaper handsets that can't be updated. Checkpoint, the security firm that identified Gooligan, says 74 percent of Android phones and tablets used today are running one of these systems. (Source: checkpoint.com)

Third-Party Apps Provide Attack Route

The hackers took advantage of what's both a benefit and drawback of Android - namely it's open nature. Gooligan takes hold through rogue apps that aren't distributed through the main Google Play store, but rather through third-party stores.

With Android, users can specify if they would like to allow third-party downloads that do not originate from the Google Play (app) store. In this case, it's possible to later grant permission for a third-party download on a website offering up apps; in some cases, it's reported that victims of Gooligan may have unintentionally installed apps by clicking on links in bogus text messages. Once installed, Gooligan takes advantage of known security flaws in older editions of Android where either the user hasn't installed a fix, or where one isn't available for their handset.

Bogus Downloads Rake In Cash

Rather than mischief making (such as distributed denial of service attacks), Gooligan is all about making money. It takes advantage of the fact that many apps on Google Play are free; instead of users paying for an app, developers will instead insert advertisements - often recommending third-party apps on Google Play. When a user installs a third-party app (based on a recommendation), the aforementioned app developer gets paid a commission.

The way Gooligan makes its cash is by simulating the user selecting a link to install an app, with the people behind Gooligan then claiming the commission. In many cases it will falsify the information it provides to make it look like the download is happening on multiple devices, and claim multiple commission payments. It even uses the device's Google account to post bogus reviews for the app in question.

The good news is that to date it appears the hackers are more interested in the bogus downloads and reviews than in accessing other areas of a user's Google accounts. Google says it is contacting known victims to help them regain uncompromised access to their accounts. (Source: google.com)

What's Your Opinion?

Is it possible to prevent attacks such as this without undermining the open nature of Android? Should manufacturers set up devices so they can't install apps other than through Google Play? Or is it up to users to take responsibility if they choose to use third-party app stores?